These days, it’s not a matter of if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 295 sites comprising 5.3 billion accounts. This includes well-known names like LinkedIn, Adobe, and MySpace. Password breaches are a cause for embarrassment;...

A data security incident at a pediatric hospital affected more than 100,000 individuals including patients and employees. On 20 July, the Boys Town National Research Hospital published a "Notice of Data Security Incident" on its website. According to this statement, the Omaha-based medical...

2017 saw many data leaks and breaches that stemmed from poorly configured Amazon AWS configurations, or more specifically, configurations of AWS S3 buckets. These weren’t small leaks, either. As a result, Verizon, Dow Jones & Co and the WWE found themselves in the media for the wrong reasons. And they’re not the only ones. A quick Google search...

A shipping company suffered a ransomware attack that affected certain network systems in one of its regions of operation. On 25 July, COSCO Shipping Lines disclosed on Facebook that it had suffered a "local network breakdown" in the Americas. The company, which is owned and operated by the Chinese government, said that the incident degraded local...

On the heels of last month’s White House reorganization plan, the state of cybersecurity careers within the government is changing. In part, this plan aims to address several pressing issues in the job category within the context of government employment and to attract top talent to otherwise staling roles. Over the past few years, government...

If you haven't been targeted already, you might have at least heard about the latest "sextortion scam" that surfaced a couple weeks ago. I've been seeing the email scam making its rounds since then, and sure enough, it's now hit my own inbox. Seeing this nefarious message firsthand, I wanted to share some things to watch out for with scams like this...

Zero-day attacks have businesses and consumers alike worried about how to protect data. If we don’t know what a threat looks like, can we really protect ourselves against it? For some time, security tools have been developed with the objective of helping organizations defend against the unknown, but the reality of zero-day attacks (the fact that...

Last time, I got the opportunity to speak with Jessica Hebenstreit. Not only is she a senior security consultant who has had a lot of different roles; she’s also the chief Operating Officer of the Diana Initiative. I learned a lot from our discussion. This time, I got to speak with Monica Jain, co-founder of LogicHub Inc. It takes a lot of hard work...

Someone leaked the source code for the Exobot Android banking trojan online, leading the malware to circulate widely on the underground web. Bleeping Computer said it received a copy of the source code from an unknown individual in June. In response, it verified the authenticity of the code with both ESET and ThreatFabric. Security researchers from...

In the age of DevOps, application security is an increasing concern for organizations. But attention on application-specific security bugs is comparatively low. We have extensive online security scanners for testing online threats, but they are not so effective for detecting security vulnerabilities that are application-specific in Python, Node.js...

A data breach that's being described as Singapore's "worst" digital attack on record exposed the personal information of an estimated 1.5 million people. On 20 July, multiple ministries Singapore's government held a press conference on what they believe was a state-sponsored attack. They didn't...

Cybersecurity is generally considered to be a highly reactive field where professionals struggle to keep up with new and emerging threats. As the profession works to become more human-centered and proactive, I have attempted to design a new modeling process that is highly pertinent to these emerging priorities. It combines the existing conceptual,...

According to a new report, popular smartphone games such as "Clash of Clans" are being used to launder hundreds of thousands of dollars on behalf of credit card thieves. Researchers at Kromtech Security describe how they first came across the money-laundering ring in mid-June when they analyzed an unsecured MongoDB database. The database, which was...

Organizations face numerous primary threats and security concerns when it comes to their container environments. Those issues extend into their build environment, an area which organizations need to protect because it’s usually the least secure aspect of their container infrastructure. They also extend into other areas, including inside the...

This summer, my family and I visited a few Arizona ghost towns, and the experience made me wonder what it might have been like to travel across the Old West with all your possessions in tow. What would it feel like to ride through mountains, deserts and territories with only a canvas-covered wagon protecting your valuables? I bet they were keenly...

Microsoft announced its Identity Bounty Program through which security researchers can earn up to $100,000 for an eligible submission. On 17 July, Microsoft Security Response Center (MSRC) unveiled the creation of a new bug bounty program to help it remediate vulnerabilities affecting its Identity services. Phillip Misner, principal security group...

What does a human need to survive? Typically, the first two items are food and water followed by a place live. Most of us take for granted that our water supply is always safe and drinkable. As such a vital resource, one would think that the critical infrastructure that purifies and monitors water must be completely secure at all times....

Even if you don’t store your tax data in financial software yourself, chances are your CPA or tax preparer does. Have you ever wondered what kind of software or security procedures your trusted advisor has in place to protect your name, address, W-2, tax filings, or Social Security Number? Better yet, have you audited them? I have, and you won’t...

Four healthcare IT companies warned that a primary health organization (PHO) put up to 800,000 patients' medical data at risk. On 17 July, New Zealand and Australian healthcare companies HealthLink, Medtech Global, myPractice and Best Practice Software New Zealand sent a letter to New Zealand's...

Last time, I had the pleasure of speaking with Roxy Dee. Her expertise is in vulnerability management, and she also loves to pay it forward by giving away books to her lucky Twitter followers. This time I got to speak with Jessica Hebenstreit. She’s worn an awful lot of hats in the cybersecurity field, and now she’s a senior security consultant. She...